Stefan Metzmacher [Mon, 20 Sep 2010 23:40:56 +0000 (01:40 +0200)]
pidl/Typelist: let typeIs() do TYPEDEF dereference in the HASH case
metze
Günther Deschner [Tue, 28 Sep 2010 20:53:08 +0000 (22:53 +0200)]
s3-waf: add in a little hack to deal with the ECHO rpc module for non-developer builds.
This will be removed once we have the rpc modules subsystem in place.
Guenther
Andrew Tridgell [Tue, 28 Sep 2010 18:24:37 +0000 (11:24 -0700)]
autobuild: use git notes for autobuild messages
This avoids changing the commit ID when we add a note that the
autobuild has passed
thanks to Jelmer for this suggestion!
Andrew Tridgell [Tue, 28 Sep 2010 18:23:35 +0000 (11:23 -0700)]
selftest: enable FAIL_IMMEDIATELY in autobuild make test
this should reduce the time we wait for previous failing builds.
Right now this will only work for s4, as we need a makefile change for
s3 support
Andrew Tridgell [Tue, 28 Sep 2010 17:48:38 +0000 (10:48 -0700)]
s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ
this extended getncchanges operation replicates a single object
Andrew Tridgell [Tue, 28 Sep 2010 17:46:03 +0000 (10:46 -0700)]
ldb-tdb: ignore failure to register control on rootdse
this is expected for non-sam LDBs
Andrew Tridgell [Tue, 28 Sep 2010 17:40:18 +0000 (10:40 -0700)]
s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges
this allows for replication by GUID or SID
Andrew Tridgell [Tue, 28 Sep 2010 17:39:52 +0000 (10:39 -0700)]
s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c
this will be used outside of the drs server.
This also fixes the handling of the ndr_size elements of the
drs_ObjectIdentifier
Andrew Tridgell [Tue, 28 Sep 2010 17:38:40 +0000 (10:38 -0700)]
waf: we don't need the preprocessor recursion limit any more
thanks to ita for this
Nadezhda Ivanova [Mon, 27 Sep 2010 04:16:47 +0000 (21:16 -0700)]
s4-drs: Added check for drs-manage-topology to updateRefs.
Nadezhda Ivanova [Mon, 27 Sep 2010 04:14:45 +0000 (21:14 -0700)]
s4-drs: Added drs_security_access_check function
It takes a security token, an ldb_context, and the desired CAR and checks
if the principal has this CAR granted
Nadezhda Ivanova [Mon, 27 Sep 2010 04:12:48 +0000 (21:12 -0700)]
s4-dsdb: adapted check_access_on_dn for use in drs.
Andrew Bartlett [Tue, 28 Sep 2010 17:59:15 +0000 (03:59 +1000)]
heimdal Fix DNS name qualification to not mangle IP addresses
If the host running this code used IPv6 forms for IPv4 addreses
then the check for '.' would not be sufficient to determine that this
isn't a name we should mangle. Instead, check if it can be parsed
as a numeric address first, and only then mangle.
Andrew Bartlett
Andrew Bartlett [Tue, 28 Sep 2010 03:13:28 +0000 (13:13 +1000)]
s4-kdc Handle the case where we may be given a ticket from an RODC in db layer
This includes rewriting the PAC if the original krbtgt isn't to be
trusted, and reading different entries from the DB for the krbtgt
depending on the krbtgt number.
Andrew Bartlett
Andrew Bartlett [Tue, 28 Sep 2010 03:10:24 +0000 (13:10 +1000)]
heimdal Add an error code for use in the RODC
In this case, the whole request packet should be forwarded to
a real KDC, with full secrets, as we don't have the password.
This could also be used to implement 'play dead when the LDAP
server is down'.
Andrew Bartlett
Andrew Bartlett [Tue, 28 Sep 2010 03:07:53 +0000 (13:07 +1000)]
heimdal Add support for extracting a particular KVNO from the database
This should allow master key rollover.
(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)
Andrew Bartlett
Andrew Bartlett [Tue, 28 Sep 2010 03:05:37 +0000 (13:05 +1000)]
s4-kdc Add common setup, handle RODC setup case
This means we just set up the system_session etc in one place
and don't diverge between the MIT and Heimdal plugins.
We also now determine if we are an RODC and store some details
that we will need later.
Andrew Bartlett
Andrew Bartlett [Tue, 28 Sep 2010 02:57:15 +0000 (12:57 +1000)]
s4-dsdb Add ldb_reset_err_string() when we set error codes.
If we don't we could show an old, incrorrect error
Andrew Bartlett [Tue, 28 Sep 2010 02:55:48 +0000 (12:55 +1000)]
s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLY
This simplifies the function. While doing so, also change the error
string setting to set a really clear error string for the failure to find
and failure to parse cases.
Andrew Bartlett
Andrew Bartlett [Tue, 28 Sep 2010 02:53:06 +0000 (12:53 +1000)]
s4-kdc Add function to determine if a hdb entry is a RODC
This is important, as we must ignore the PAC from an RODC.
Andrew Bartlett
Andrew Bartlett [Tue, 28 Sep 2010 02:49:44 +0000 (12:49 +1000)]
s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNO
Andrew Bartlett
Andrew Bartlett [Mon, 27 Sep 2010 04:43:33 +0000 (14:43 +1000)]
s4-dsdb Fix segfault in error case in rootdse module
Michael Wood [Sun, 26 Sep 2010 22:05:05 +0000 (00:05 +0200)]
Make upgrade procedure more explicit.
Add in a compile step.
Change the tar command to include the recommended dirs.
Günther Deschner [Tue, 28 Sep 2010 18:00:47 +0000 (20:00 +0200)]
s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is build as shared
module by default).
Guenther
Günther Deschner [Tue, 28 Sep 2010 18:00:12 +0000 (20:00 +0200)]
s3-waf: add vfs_linux_xfs_sgid to the list of default shared modules.
Guenther
Volker Lendecke [Tue, 28 Sep 2010 16:40:49 +0000 (18:40 +0200)]
s3: Attempt to fix bug 7518
If select returns -1, we can't rely on the fd sets. The current code might loop
endlessly because when putting an invalid fd (the closed socket?) on the read
set, a select implementation might choose not to touch it but directly return
with EINVAL. Thus run_events will see the socket readable, which leads to a
"return true", and thus a NT_STATUS_RETRY -> same game again.
We should never get into this situation, but to me the logfiles given in bug
7518 do not reveal enough information to understand how this can happen.
Volker Lendecke [Tue, 28 Sep 2010 08:38:20 +0000 (10:38 +0200)]
s3: Increase the debuglevel for connection termination msgs
Günther Deschner [Tue, 28 Sep 2010 07:27:54 +0000 (09:27 +0200)]
s3-waf: fix dependencies in most of our module subsystems.
Guenther
Günther Deschner [Tue, 28 Sep 2010 06:54:39 +0000 (08:54 +0200)]
s3-waf: add pam_smbpass.
Guenther
Günther Deschner [Tue, 28 Sep 2010 05:45:47 +0000 (07:45 +0200)]
s3-auth_util: make sure the system server info actually contains S-1-5-18.
Without this, all security descriptor checks for the winreg spoolss backend fail
and make our spoolss system in its current shape basically unusable.
Andreas, please check.
Guenther
Günther Deschner [Tue, 28 Sep 2010 03:39:42 +0000 (05:39 +0200)]
s3-printing: remove unused old structs.
Guenther
Jelmer Vernooij [Tue, 28 Sep 2010 07:16:03 +0000 (09:16 +0200)]
ldb: Fix path to alternative buildtools.
Jelmer Vernooij [Tue, 28 Sep 2010 07:08:10 +0000 (09:08 +0200)]
samba4: Don't update Makefile/configure from autogen.sh.
Jelmer Vernooij [Tue, 28 Sep 2010 07:00:26 +0000 (09:00 +0200)]
ldb/tevent: Fix detection of waf paths.
Jelmer Vernooij [Tue, 28 Sep 2010 06:42:26 +0000 (08:42 +0200)]
tevent: Remove make targets that are not relevant for tevent.
Jelmer Vernooij [Tue, 28 Sep 2010 06:41:11 +0000 (08:41 +0200)]
tevent: Don't update Makefile/configure files.
Jelmer Vernooij [Tue, 28 Sep 2010 06:38:33 +0000 (08:38 +0200)]
ldb: Update autogen-waf.sh to no longer overwrite existing files.
Jelmer Vernooij [Tue, 28 Sep 2010 06:34:10 +0000 (08:34 +0200)]
ldb: Remove samba-specific targets from Makefile.
Jelmer Vernooij [Tue, 28 Sep 2010 06:15:55 +0000 (08:15 +0200)]
ldb: Bump version because of addition of ldb_req_location.
Jelmer Vernooij [Tue, 28 Sep 2010 05:53:02 +0000 (07:53 +0200)]
format-subunit: Display number of failed tests even if there are no
failed testsuites.
Jelmer Vernooij [Tue, 28 Sep 2010 05:40:27 +0000 (07:40 +0200)]
selftest: Abort early on SIGPIPE.
Jelmer Vernooij [Tue, 28 Sep 2010 05:10:43 +0000 (07:10 +0200)]
Add dedicated exception for immediate failure in filter-subunit, don't raise it on known exceptions.
Andrew Tridgell [Mon, 27 Sep 2010 01:58:05 +0000 (18:58 -0700)]
s4-selftest: added a --fail-immediately option to s4 test
this can be used to force an immediate test failure on the first
failed test case. You can also use:
make test FAIL_IMMEDIATELY=1
Andrew Tridgell [Mon, 27 Sep 2010 01:56:50 +0000 (18:56 -0700)]
filter-subunit: added a --fail-immediately option
Andrew Tridgell [Tue, 28 Sep 2010 05:53:06 +0000 (22:53 -0700)]
s4-provision: fixed the authority response for our SOA record
some clients rely on this being the hostname, not the domain
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104
Andrew Tridgell [Tue, 28 Sep 2010 04:08:43 +0000 (21:08 -0700)]
s4-dns: implemented RODC DNS update in dns update task
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 28 Sep 2010 04:08:23 +0000 (21:08 -0700)]
s4-netlogon: added RODC DNS update call fwded to dnsupdate task
when we get a netlogon RODC DNS update, we send it to the dnsupdate
task
Andrew Tridgell [Tue, 28 Sep 2010 04:07:17 +0000 (21:07 -0700)]
s4-dns: added --update-list option to samba_dnsupdate
this allows us to use it for RODC netlogon updates
Andrew Tridgell [Tue, 28 Sep 2010 04:03:45 +0000 (21:03 -0700)]
pidl: added ifdef guards around ndr headers
this prevents us parsing the leading headers needlessly
Andrew Tridgell [Tue, 28 Sep 2010 04:03:14 +0000 (21:03 -0700)]
s4-kdc: added ifdef guards in kdc.h
this prevents too much recursion in the compiler preprocessor
Andrew Tridgell [Tue, 28 Sep 2010 02:47:14 +0000 (19:47 -0700)]
s4-ldb: removed an unused variable
Andrew Tridgell [Tue, 28 Sep 2010 02:47:01 +0000 (19:47 -0700)]
s4-kcc: fixed a incorrect context to kcctpl_get_all_bridgehead_dcs
Andrew Tridgell [Tue, 28 Sep 2010 02:46:37 +0000 (19:46 -0700)]
s4-dsdb: added samdb_find_site_for_computer() and samdb_find_ntdsguid_for_computer()
these will be used by the new RODC dns update code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 28 Sep 2010 02:45:56 +0000 (19:45 -0700)]
s4-auth: removed unused variable dom_sid
Volker Lendecke [Tue, 31 Aug 2010 21:17:11 +0000 (23:17 +0200)]
s3: Lift smbd_messaging_context() from open_sockets_smbd()
Volker Lendecke [Tue, 31 Aug 2010 21:16:50 +0000 (23:16 +0200)]
s3: Remove two calls to procid_self()
Volker Lendecke [Mon, 27 Sep 2010 05:05:43 +0000 (22:05 -0700)]
s3: Remove talloc_autofree_context() from myhostname()
No destructor needed, so we can as well use the NULL context
Volker Lendecke [Mon, 27 Sep 2010 04:06:02 +0000 (06:06 +0200)]
s3: Remove some remaining files.c globals to sconn
Volker Lendecke [Mon, 27 Sep 2010 03:50:22 +0000 (05:50 +0200)]
s3: Remove talloc_autofree_context() from files.c
Volker Lendecke [Mon, 27 Sep 2010 02:54:29 +0000 (04:54 +0200)]
s3: Lift smbd_server_conn from file_find_fd
Volker Lendecke [Mon, 27 Sep 2010 02:49:00 +0000 (04:49 +0200)]
s3: Remove smbd_server_conn from file_fsp
Volker Lendecke [Mon, 27 Sep 2010 02:46:18 +0000 (04:46 +0200)]
s3: Slightly simplify file_fnum
req==NULL should never happen, see the comment
Volker Lendecke [Mon, 27 Sep 2010 02:13:22 +0000 (04:13 +0200)]
s3: Remove smbd_server_conn from file_sync_all
Volker Lendecke [Mon, 27 Sep 2010 02:12:15 +0000 (04:12 +0200)]
s3: Remove smbd_server_conn from file_find_subpath
Volker Lendecke [Mon, 27 Sep 2010 02:05:25 +0000 (04:05 +0200)]
s3: Lift smbd_server_conn from file_find_di_first
Volker Lendecke [Mon, 27 Sep 2010 02:00:31 +0000 (04:00 +0200)]
s3: Lift smbd_server_conn from file_find_dif
Volker Lendecke [Mon, 27 Sep 2010 01:53:00 +0000 (03:53 +0200)]
s3: Remove smbd_server_conn from files_forall
Volker Lendecke [Mon, 27 Sep 2010 01:46:12 +0000 (03:46 +0200)]
s3: Remove smbd_server_conn from file_close_user
Volker Lendecke [Mon, 27 Sep 2010 01:42:36 +0000 (03:42 +0200)]
s3: Remove smbd_server_conn from file_close_pid
Volker Lendecke [Mon, 27 Sep 2010 01:40:11 +0000 (03:40 +0200)]
s3: Remove smbd_server_conn from file_close_conn
Volker Lendecke [Mon, 27 Sep 2010 01:38:14 +0000 (03:38 +0200)]
s3: Remove smbd_server_conn from file_new and file_free
Volker Lendecke [Mon, 27 Sep 2010 00:37:59 +0000 (02:37 +0200)]
s3: Lift smbd_server_conn from file_fnum
Volker Lendecke [Mon, 27 Sep 2010 00:29:36 +0000 (02:29 +0200)]
s3: Move "Files" to smbd_server_connection
Volker Lendecke [Mon, 27 Sep 2010 00:15:18 +0000 (02:15 +0200)]
s3: Remove "server_fd" global variable
Volker Lendecke [Sun, 26 Sep 2010 23:44:06 +0000 (01:44 +0200)]
s3: Remove talloc_autofree_context() from receive_unexpected()
This is freed in this routine a few lines down
Stefan Metzmacher [Tue, 28 Sep 2010 02:50:32 +0000 (04:50 +0200)]
s4:gensec_tstream: remove plain socket handling
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
Stefan Metzmacher [Wed, 3 Feb 2010 13:36:10 +0000 (14:36 +0100)]
s4:lib/tls: add gnutls backend for tstream
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
Stefan Metzmacher [Wed, 22 Sep 2010 10:13:28 +0000 (12:13 +0200)]
s4:gensec: add gensec_create_tstream()
Based on the initial patch from Andreas Schneider <asn@redhat.com>.
metze
Stefan Metzmacher [Tue, 28 Sep 2010 00:33:23 +0000 (02:33 +0200)]
s4:wrepl_server: use SOCKET_FLAG_NOCLOSE instead of a dup()
The key thing is that we might have to turn the incomming
connection into a outgoing connection.
This change makes sense anyway, because we donate the fd to
tstream.
metze
Stefan Metzmacher [Tue, 28 Sep 2010 00:13:12 +0000 (02:13 +0200)]
s4:rpc_server: use SOCKET_FLAG_NOCLOSE to avoid calling close() on the socket fd twice.
metze
Jeremy Allison [Tue, 28 Sep 2010 01:24:01 +0000 (18:24 -0700)]
Add torture test BAD-NBT-SESSION as regression fix for bug 7698 - Assert causes smbd to panic on invalid NetBIOS session request.
Jeremy.
Jeremy Allison [Tue, 28 Sep 2010 01:21:46 +0000 (18:21 -0700)]
Small tweak to bugfix for 7698 - Assert causes smbd to panic on invalid NetBIOS session request.
Don't just fail to reply on a bad NBT name, just don't do the
internal action.
Jeremy.
Stefan Metzmacher [Mon, 27 Sep 2010 21:57:34 +0000 (23:57 +0200)]
tsocket: make sure we delete the fd event before calling close()
We got random double free errors, when getting events from
epoll_wait() and try to dereference the private talloc pointer
attached to it.
Before doing the close() in the tstream_disconnect_send() function
we need to delete the fd event.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 01:02:55 UTC 2010 on sn-devel-104
Jeremy Allison [Mon, 27 Sep 2010 12:46:07 +0000 (05:46 -0700)]
Change to using TDB_INCOMPATIBLE_HASH (the jenkins hash) on all
TDB_CLEAR_IF_FIRST tdb's. For tdb's like gencache where we open
without CLEAR_IF_FIRST and then with CLEAR_IF_FIRST if corrupt
this is still safe to use as if opening an existing tdb the new
hash will be ignored - it's only used on creating a new tdb not
opening an old one.
Jeremy.
Andrew Tridgell [Mon, 27 Sep 2010 22:03:44 +0000 (15:03 -0700)]
s4-ildap: two more places that need talloc_reparent()
these contexts can have references
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 00:04:03 UTC 2010 on sn-devel-104
Andrew Tridgell [Mon, 27 Sep 2010 21:56:04 +0000 (14:56 -0700)]
s4-kcc: don't print "Testing kcctpl_create_intersite_connections"
log level 0 is excessive for this!
Andrew Tridgell [Mon, 27 Sep 2010 21:42:13 +0000 (14:42 -0700)]
s4-drs: make getncchanges debug less verbose
quieten make test a little
Andrew Tridgell [Mon, 27 Sep 2010 21:34:43 +0000 (14:34 -0700)]
s4-dns: avoid search domains expansion in DNS resolver
add a '.' if the name contains a '.' already, but not at the end
Andrew Tridgell [Mon, 27 Sep 2010 21:34:06 +0000 (14:34 -0700)]
heimdal: avoid DNS search domain expansion
When you have a domain search list in resolv.conf, and one of the DNS
servers for a searched domain is uncontactable then we would timeout
resolving DNS names.
Avoid this by adding a '.' to the hostname if the hostname already has
a '.' in it, which we assume to mean it is fully qualified.
Günther Deschner [Mon, 27 Sep 2010 23:10:57 +0000 (01:10 +0200)]
samr: add three new ACB flags to IDL.
Guenther
Günther Deschner [Mon, 27 Sep 2010 22:10:54 +0000 (00:10 +0200)]
s3-spoolss: Fix _spoolss_EnumPrintProcDataTypes error handling
Günther Deschner [Mon, 27 Sep 2010 22:10:31 +0000 (00:10 +0200)]
s4-smbtorture: rework spoolss_EnumPrintProcDataTypes test.
Guenther
Günther Deschner [Mon, 27 Sep 2010 22:10:17 +0000 (00:10 +0200)]
s3-spoolss: Fix _spoolss_EnumPrintProcessors error handling
Günther Deschner [Mon, 27 Sep 2010 21:33:52 +0000 (23:33 +0200)]
s4-smbtorture: rework test_EnumPrintProcessors to let it test more combinations.
Guenther
Günther Deschner [Mon, 27 Sep 2010 06:10:58 +0000 (08:10 +0200)]
s3-waf: add NDR_PERFCOUNT subsystem.
Guenther
Andrew Tridgell [Mon, 27 Sep 2010 19:54:26 +0000 (12:54 -0700)]
s4-ildap: fixed a talloc_steal with references error
We need talloc_reparent() instead
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 20:38:00 UTC 2010 on sn-devel-104
Nadezhda Ivanova [Mon, 27 Sep 2010 17:01:09 +0000 (10:01 -0700)]
s4-ldb: Added ldb_request_replace_control
It is the same as ldb_request_add_control, except it will replace
an existing control.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
Anatoliy Atanasov [Mon, 27 Sep 2010 00:05:13 +0000 (17:05 -0700)]
s4/irpc: Add security token to the binding handle when doing irp call forwarding
Anatoliy Atanasov [Mon, 27 Sep 2010 00:04:43 +0000 (17:04 -0700)]
s4/irpc: Add function to add security token to the binding handle
Stefan Metzmacher [Sun, 26 Sep 2010 23:42:26 +0000 (01:42 +0200)]
s4:irpc: optionaly pass the security_token via IRPC requests.
metze